[TYPO3-dev] Auth service, authentication against external db and session
Daniel Pötzinger
operation-lan at gmx.de
Tue Feb 14 11:09:56 CET 2006
Peter Russ wrote:
> Martin Kutschker schrieb:
>> Peter Russ schrieb:
>>>
>>> So any hints welcome, if there is a way to work without any fe_user
>>> record?
>>
>> You always need one (for reference and session handling, etc). But you
>> can create a dummy record during the authentication phase.
>>
>> Masi
>
> Thanks Masi.
>
> The point is that with the standard TYPO3 solution (similar to what you
> recommend) TYPO3 "overrulez" the external authentication.
>
> Example:
> If a user logs in the external source is queried. But as long as the
> user is logged in there is NO more check if the user is still allowed to
> see restricted content, i.e. if the user gets deleted or "hidden" on the
> external system, TYPO3 doesn't realize.
>
Hello
I think this will require a query each time a request is made by the
logged in user to check if the userrecord is still correct. (additional
performance...)
But a fe_session will only be valid for some time (timeout). So if the
user gets invalid, there is only a given time for still being logged
in.. I mean it would be scarce to find a website were this is critical?
But for a more flexible auth service in this case maybe a function
getUserSessionData() or something similar (Service-call from
fetchUserSession()) would be great for auth service?
I just saw the Hook on Line 275 (t3lib_userauth), for filling
$this->user. I think this way should be possible too?
More information about the TYPO3-dev
mailing list